"It's handled very different between open-source projects," said Vincent Berg, researcher at security firm IOActive. "There are projects that have a very active approach to it. The big Linux distributions and the different BSD flavors tend to do a pretty good job." The Ruby on Rails Web application software project also recently moved quickly to make needed updates for security purposes, Berg said.
He says his impression is that better handling of security issues in open source seems to come from those that provide users with mailing lists about security which users are advised to subscribe to, and "most of these distributions have dedicated security contacts."
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.